CVE-2010-2787
N/A
N/A
Summary
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
- https://bugzilla.redhat.com/show_bug.cgi?id=620226
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
- http://openwall.com/lists/oss-security/2010/07/29/4
- http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776
- https://bugzilla.wikimedia.org/show_bug.cgi?id=24565
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
- http://www.securityfocus.com/bid/42019
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
- https://bugzilla.redhat.com/show_bug.cgi?id=620224
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
- https://bugzilla.redhat.com/show_bug.cgi?id=620226
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
- http://openwall.com/lists/oss-security/2010/07/29/4
- http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776
- https://bugzilla.wikimedia.org/show_bug.cgi?id=24565
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
- http://www.securityfocus.com/bid/42019
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
- https://bugzilla.redhat.com/show_bug.cgi?id=620224
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.